From faa341148e5fc5c1aa65654749992fa25c528531 Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Thu, 3 Apr 2014 11:54:51 -0400
Subject: [PATCH] FIX: Escape name on activity feed
---
 .../javascripts/discourse/models/user.js | 8 +++--
 .../discourse/models/user_action.js | 33 ++++++++++---------
 .../discourse/views/user/user_stream_view.js | 8 ++---
 3 files changed, 26 insertions(+), 23 deletions(-)
diff --git a/app/assets/javascripts/discourse/models/user.js b/app/assets/javascripts/discourse/models/user.js
index e253b0c4766..bc5186dd68f 100644
--- a/app/assets/javascripts/discourse/models/user.js
+++ b/app/assets/javascripts/discourse/models/user.js
@@ -75,13 +75,15 @@ Discourse.User = Discourse.Model.extend({
 }.property('profile_background'),
 statusIcon: function() {
- var desc;
+ var name = Handlebars.Utils.escapeExpression(this.get('name')),
+ desc;
+
 if(this.get('admin')) {
- desc = I18n.t('user.admin', {user: this.get("name")});
+ desc = I18n.t('user.admin', {user: name});
 return '';
 }
 if(this.get('moderator')){
- desc = I18n.t('user.moderator', {user: this.get("name")});
+ desc = I18n.t('user.moderator', {user: name});
 return '';
 }
 return null;
diff --git a/app/assets/javascripts/discourse/models/user_action.js b/app/assets/javascripts/discourse/models/user_action.js
index 2bdb3acb0dc..3b584f059b4 100644
--- a/app/assets/javascripts/discourse/models/user_action.js
+++ b/app/assets/javascripts/discourse/models/user_action.js
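Review bot: No regression test accompanies the escaping added at the top of `statusIcon`; the diffstat lists three source files and no spec. A test that sets `name` to a value containing `<` and `"` and asserts that the admin and moderator results carry only the entity-encoded form would keep a later refactor from dropping the call. The two `return ''` lines that consume `desc` look truncated on this page, so the sink cannot be confirmed from here; a comment above the declaration such as `// name is user-supplied free text; escape it before it is interpolated into desc` would record why the call is there. `statusIcon` continues past the hunk, so its `.property(...)` dependent keys are not visible.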
@@ -8,21 +8,22 @@
 **/
 var UserActionTypes = {
- likes_given: 1,
- likes_received: 2,
- bookmarks: 3,
- topics: 4,
- posts: 5,
- replies: 6,
- mentions: 7,
- quotes: 9,
- starred: 10,
- edits: 11,
- messages_sent: 12,
- messages_received: 13
-};
+ likes_given: 1,
+ likes_received: 2,
+ bookmarks: 3,
+ topics: 4,
+ posts: 5,
+ replies: 6,
+ mentions: 7,
+ quotes: 9,
+ starred: 10,
+ edits: 11,
+ messages_sent: 12,
+ messages_received: 13
+ },
+ esc = Handlebars.Utils.escapeExpression,
+ InvertedActionTypes = {};
-var InvertedActionTypes = {};
 _.each(UserActionTypes, function (k, v) {
 InvertedActionTypes[k] = v;
 });
@@ -81,11 +82,11 @@ Discourse.UserAction = Discourse.Model.extend({
 replyUrl: this.get('replyUrl'),
 postUrl: this.get('postUrl'),
 topicUrl: this.get('replyUrl'),
- user: this.get('presentName'),
+ user: esc(this.get('presentName')),
 post_number: '#' + this.get('reply_to_post_number'),
 user1Url: this.get('userUrl'),
 user2Url: this.get('targetUserUrl'),
- another_user: this.get('targetDisplayName')
+ another_user: esc(this.get('targetDisplayName'))
 }));
 }.property('descriptionKey'),
diff --git a/app/assets/javascripts/discourse/views/user/user_stream_view.js b/app/assets/javascripts/discourse/views/user/user_stream_view.js
index 4ec3ded0ac7..7db8799b8f2 100644
--- a/app/assets/javascripts/discourse/views/user/user_stream_view.js
+++ b/app/assets/javascripts/discourse/views/user/user_stream_view.js
@@ -14,13 +14,13 @@ Discourse.UserStreamView = Discourse.View.extend(Discourse.LoadMore, {
 actions: {
 loadMore: function() {
- var userStreamView = this;
- if (userStreamView.get('loading')) { return; }
+ var self = this;
+ if (this.get('loading')) { return; }
 var stream = this.get('controller.model');
 stream.findItems().then(function() {
- userStreamView.set('loading', false);
- userStreamView.get('eyeline').flushRest();
+ self.set('loading', false);
+ self.get('eyeline').flushRest();
 });
 }
 }
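Review bot: The only functional change in the `UserActionTypes` hunk is the new `esc` alias; the twelve entries are re-indented solely because three declarations were merged into one comma-chained `var`. In a security fix that noise makes the patch harder to audit and to backport. Leaving `var UserActionTypes = {…};` untouched and adding `var esc = Handlebars.Utils.escapeExpression;` on its own line would reduce the hunk to one added line. The same applies to the `userStreamView` to `self` rename in `user_stream_view.js`, which is unrelated to the escaping and would sit better in a separate commit.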
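Review bot: Only `user` and `another_user` are escaped in the options object built here, while `replyUrl`, `postUrl`, `topicUrl`, `user1Url` and `user2Url` are interpolated into the same translation unescaped. Their definitions are outside the hunk, so if any of them is assembled from a username or other user-editable value it needs the same `esc(...)` treatment. If they are all server-generated, a comment would record that assumption for the next reader, for example `// URLs are generated by the server; display names are free text and must be escaped`. Escaping at the call site also means the translation strings themselves are trusted as markup, which is worth stating next to the `esc` alias. The enclosing function begins above the hunk.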